Jul 27 at 6:33 PM, by Clark Wimberly

Could launcher spam become a big problem in the Android Market?

Download LauncherSpam Demo

Today, probably like many of you, I updated the Google Maps application and discovered something rather odd. Google Maps is now sporting four separate icons, one of which is a replacement for an existing stand-alone application. The strangeness stuck with me all day, and what initially struck me as somewhat odd has now grown into a full-on “What were they thinking?!”

Before I even get started, let me preface everything I’m about to say with a hearty “I can’t believe I’m about to call out Google Maps,” one of my favorite and most-used applications of all time. The app and its maps have saved my tail more times than I care to count. Normally it’s a shining beacon of how an app should function on the Android OS. And while four icons might just seem like a missed step, I believe there might be a little more at stake here.

Allowing an application to place multiple icons (and thus, multiple points of entry) is a dangerous game. The Google Maps case is likely the most appropriate use of multiple icons I can imagine. All the icons are completely relevant to the core application and clearly labeled. But what would happen if an app wasn’t playing nicely? Could an unscrupulous app place dozens of hidden applications without my knowledge?

Having flashbacks to the PC days of unwanted add-on toolbars and BonziBuddy, I contacted Justin of nEx.Software, our resident Android guru. I asked if he knew of any limit to the number of icons a standard market application could spawn. He said there wasn’t, and the idea was born.

Enter LauncherSpam, a quick demo application built in a couple hours that is already live in the Market. The idea behind LauncherSpam is simple. When installed, the app will drop a dozen spammy (although completely harmless) apps into the launcher tray. The apps (all fake) range from spyware scanners to free MP3s to ringtones and even a set of smilies (really channeling the old PC days throwback). Without warning the user, the original LauncherSpam app is able to easily spawn a dozen “hidden apps.”

If only all security risks were so forthcoming

Luckily for us, LauncherSpam is just a simple demo. The “hidden apps” are nothing more than silly PNG files cooked up by Angie and me to make a point. It’s just… weird to us that this ability exists, completely unchecked by application permissions or some kind of user prompt.

If an application you trust (maybe undeservedly) comes side-loaded with a spam add-on, wouldn’t you like to know? With Google Maps, the extra icons aren’t as offensive because I know what they are and which application they are associated with. With some of the icons you’ll find in your tray after installing LauncherSpam, you won’t be so lucky. For reference (and for fun), I made a complete list of the fake apps side-loaded with LauncherSpam:

  • Free MP3’s
  • Keyboard
  • Kitty Doc
  • LauncherSpam (core app)
  • Lightning Bug
  • Ring Me
  • Smilies
  • Spyware Agent
  • Suspicious Package
  • Tips
  • Tron
  • TweetBox
  • Virus

Most of these titles are applications you wouldn’t even give a second look to, let alone install. But a standard market app with devious intent has the ability to make it appear that these apps are real, functioning programs on your phone. Even worse, after noticing an offending “hidden app”, the average user would have no real way of knowing which “core app” was the culprit, leading to an awkward cycle of uninstalling apps and re-checking the tray to find the offending application.
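Each launcher icon comes from an activity (or activity alias) whose manifest intent filter names the MAIN action and the LAUNCHER category, so a manifest decoded to text XML shows which package owns which icons. The script below is an added example, not code from LauncherSpam or from this post; the sample manifest, its package name and labels, and the `allowed` threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
MAIN, LAUNCHER = "android.intent.action.MAIN", "android.intent.category.LAUNCHER"
_FILTER = ('<intent-filter><action android:name="%s"/>'
           '<category android:name="%s"/></intent-filter>' % (MAIN, LAUNCHER))

# Constructed sample manifest (text XML); package, components and labels are made up.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.coreapp">
  <application android:label="Core App">
    <activity android:name=".Main" android:label="Core App">{f}</activity>
    <activity android:name=".Extra" android:label="Free Ringtones">{f}</activity>
    <activity-alias android:name=".Alias" android:label="Scanner"
        android:targetActivity=".Main">{f}</activity-alias>
    <activity android:name=".Off" android:label="Tips" android:enabled="false">{f}</activity>
    <activity android:name=".Settings" android:label="Settings"/>
  </application>
</manifest>""".format(f=_FILTER)

def launcher_entries(manifest_xml):
    """Return (package, [(component, label), ...]), one tuple per launcher icon."""
    root = ET.fromstring(manifest_xml)
    entries = []
    for comp in root.iterfind("application/*"):
        if comp.tag not in ("activity", "activity-alias"):
            continue
        if comp.get(A + "enabled") == "false":  # disabled in manifest: no icon unless enabled later
            continue
        for flt in comp.iterfind("intent-filter"):
            actions = {e.get(A + "name") for e in flt.iterfind("action")}
            cats = {e.get(A + "name") for e in flt.iterfind("category")}
            if MAIN in actions and LAUNCHER in cats:
                # Labels are often "@string/..." references in real manifests.
                entries.append((comp.get(A + "name"), comp.get(A + "label")))
                break  # count each component once
    return root.get("package"), entries

def extra_icons(manifest_xml, allowed=1):
    """Launcher entries beyond the `allowed` count (threshold is an assumption)."""
    package, entries = launcher_entries(manifest_xml)
    return package, entries[allowed:]

if __name__ == "__main__":
    pkg, icons = launcher_entries(SAMPLE_MANIFEST)
    print("%s declares %d launcher icons" % (pkg, len(icons)))
    for name, label in icons:
        print("  %-8s %s" % (name, label))
```

Run over the manifests of installed packages, the same check maps an unfamiliar tray icon's label back to the package that declared it.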

At the time of publication, there doesn’t seem to be too serious a problem with Market apps spamming the launcher tray. And I’d love for it to stay that way, which is why I was so surprised to see Google behaving in such a manner. Google applications are the ruler by which other applications are measured. They are filled with best practices and all kinds of innovation. They set precedents, for better or worse. I don’t want to see less savory developers using these methods for underhanded means and thinking it is acceptable because Google Maps did it.

And now is the part where we let you, the reader, decide. Am I blowing this out of proportion? When I first asked Android users on Twitter today if four icons was too many, most didn’t seem to mind. So I ask: what if it wasn’t Google?

LauncherSpam is available now in the Android Market. You can download it by scanning the QR code at the top of this post or by clicking here on your device. Remember, to get rid of all the garbage apps, simply uninstall the original LauncherSpam app. The icons used in the test app were from the Crystal Clear set, via Wikimedia Commons.

Clark is a developer living in Austin, Texas. He runs ClarkLab, a small web firm with his wife, Angie. He's a big fan of usability, standards, and clean design.
